Lucene search
K

25 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-19304

Malware in sbrugna...

9.8CVSS9.5AI score0.02304EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-28101

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.02124EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-28103

Malicious code in bioql PyPI...

10CVSS9.4AI score0.02309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:12 p.m.6 views

CVE-2021-36226

Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files...

9.8CVSS7AI score0.00808EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:16 p.m.9 views

CVE-2020-25765

Addressed remote code execution vulnerability in regdevice.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140...

10CVSS7.7AI score0.05829EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 8:2 p.m.9 views

CVE-2022-22992

A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input...

10CVSS8.6AI score0.02309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:58 p.m.9 views

CVE-2022-22990

A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts...

8.8CVSS8.2AI score0.02124EPSS
Exploits0References1
OSV
OSV
added 2023/05/18 6:15 p.m.2 views

CVE-2022-36326

An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi a...

4.9CVSS5.8AI score0.00572EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/05/10 10:9 p.m.44 views

CVE-2022-29840 Server Side Request Forgery Vulnerability in Western Digital My Cloud Devices

Server-Side Request Forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This...

5.1CVSS6.8AI score0.00142EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/02/06 12:0 a.m.15 views

CVE-2021-36225

Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation...

7.7AI score0.01046EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/07/25 6:47 p.m.15 views

CVE-2022-22999 Cross-site Scripting Vulnerability in USB Backups App

Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to ga...

8.2CVSS8.4AI score0.00322EPSS
Exploits0References1
NVD
NVD
added 2022/01/28 8:15 p.m.22 views

CVE-2022-22992

A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input...

10CVSS0.02309EPSS
Exploits0References1
CVE
CVE
added 2022/01/28 7:35 p.m.84 views

CVE-2022-22992

CVE-2022-22992 describes a command-injection remote code execution on Western Digital My Cloud devices. The vulnerability arises from improper handling of user-provided input that is used in shell calls, with the fix noted as escaping individual arguments to shell functions. Reported impacts incl...

10CVSS9.4AI score0.02309EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/01/17 12:0 a.m.5 views

PT-2022-15762 · Western Digital · Western Digital My Cloud

Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud Devices affected versions not specified Description: A command injection remote code execution issue was discovered that could allow an attacker to execute arbitrary system commands on the device. The issue was...

10CVSS9.9AI score0.02309EPSS
Exploits0References5
NVD
NVD
added 2022/01/13 9:15 p.m.12 views

CVE-2022-22990

A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts...

8.8CVSS0.02124EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/01/13 9:15 p.m.5 views

CVE-2022-22990

A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts...

8.8CVSS7.6AI score0.02124EPSS
Exploits0References4
OSV
OSV
added 2022/01/13 9:15 p.m.4 views

CVE-2022-22990

A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts...

8.8CVSS7.9AI score
Exploits0References3
Prion
Prion
added 2022/01/13 9:15 p.m.20 views

Authentication flaw

A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts...

8.3CVSS9.3AI score0.02124EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/01/13 8:27 p.m.84 views

CVE-2022-22990

CVE-2022-22990 is a limited authentication bypass affecting Western Digital My Cloud devices. Multiple sources describe a vulnerability where an attacker could bypass authentication to trigger remote code execution and privilege escalation. The root cause is tied to improper access control, with ...

8.8CVSS8.9AI score0.02124EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2020/10/27 8:15 p.m.11 views

CVE-2020-25765

Addressed remote code execution vulnerability in regdevice.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140...

10CVSS9.8AI score0.05829EPSS
Exploits1References3
Rows per page
Query Builder